Trojaner-Board

Log analysis and evaluation: svchost.exe infected (https://www.trojaner-board.de/79261-svchost-exe-infiziert.html)

Chronic 09.11.2009 12:45

svchost.exe infected

A problem with my svchost.exe. I scanned my PC with Gmer and it found a rootkit; I then click Disable, but it keeps coming back, just with a different name. Can anyone help me get rid of it for good? There is also a virus in the folder C:\windows\system32\ called "honmurv.dll". Tried deleting it, but it comes back after a few days as well :confused:

I'll post the HijackThis log here:


1. HijackThis log

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:15, on 09.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programme\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Dokumente und Einstellungen\****\Desktop\gmer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = h**p://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauthe] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=h**p://www.lenovo.com/de/de
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76D8461C-8D60-4047-9BBA-0A5AD015F0E1}: NameServer = 195.34.133.21 212.186.211.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 9376 bytes


Angel21 09.11.2009 14:21

Hello, please post a Gmer log. Otherwise we don't know what was found.

Chronic 09.11.2009 16:35

My Gmer log was far too long, so I'll post only the first half (I left out ---- Files - GMER 1.0.15 ----)

Code:

GMER 1.0.15.14966 - h**p://www.gmer.net
Rootkit scan 2009-11-09 12:41:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                                                                                                                                                    ZwCreateKey [0xF84D487E]
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                                                                                                                                                    ZwSetValueKey [0xF84D4BFE]

---- Kernel code sections - GMER 1.0.15 ----

?              xypis.sys                                                                                                                                                                                            Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                                            Lbd.sys (Boot Driver/Lavasoft AB)

Device          \FileSystem\Fastfat \Fat                                                                                                                                                                            A1A19C8A

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                            fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                                              DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service        C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                                                                                    [DISABLED] qhrlk                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!
Service        C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                                                                                    [DISABLED] qmvgm                                                                                                                                                                                                                                                                                                        <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@DisplayName                                                                                                                                            Helper Center
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@Type                                                                                                                                                    32
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@Start                                                                                                                                                  4
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@ErrorControl                                                                                                                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@ImagePath                                                                                                                                              %SystemRoot%\system32\svchost.exe -k netsvcs
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@ObjectName                                                                                                                                              LocalSystem
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@Description                                                                                                                                            Speichert Sicherheitsinformationen für lokale Benutzerkonten.
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk\Parameters                                                                                                                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qhrlk\Parameters@ServiceDll                                                                                                                                  C:\WINDOWS\system32\honmurv.dll
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@DisplayName                                                                                                                                            Windows Driver
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@Type                                                                                                                                                    32
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@Start                                                                                                                                                  4
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@ErrorControl                                                                                                                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@ImagePath                                                                                                                                              %SystemRoot%\system32\svchost.exe -k netsvcs
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@ObjectName                                                                                                                                              LocalSystem
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm@Description                                                                                                                                            Unterstützt Datei-, Drucker- und Named-Piped-Freigabe für diesen Computer über das Netzwerk. Diese Funktionen sind nicht mehr verfügbar, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden.
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm\Parameters                                                                                                                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\qmvgm\Parameters@ServiceDll                                                                                                                                  C:\WINDOWS\system32\honmurv.dll
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@DisplayName                                                                                                                                                Helper Center
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@Type                                                                                                                                                        32
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@Start                                                                                                                                                      4
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@ErrorControl                                                                                                                                                0
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@ImagePath                                                                                                                                                  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@ObjectName                                                                                                                                                  LocalSystem
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk@Description                                                                                                                                                Speichert Sicherheitsinformationen für lokale Benutzerkonten.
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk\Parameters                                                                                                                                                 
Reg            HKLM\SYSTEM\ControlSet003\Services\qhrlk\Parameters@ServiceDll                                                                                                                                      C:\WINDOWS\system32\honmurv.dll
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@DisplayName                                                                                                                                                Windows Driver
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@Type                                                                                                                                                        32
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@Start                                                                                                                                                      4
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@ErrorControl                                                                                                                                                0
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@ImagePath                                                                                                                                                  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@ObjectName                                                                                                                                                  LocalSystem
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm@Description                                                                                                                                                Unterstützt Datei-, Drucker- und Named-Piped-Freigabe für diesen Computer über das Netzwerk. Diese Funktionen sind nicht mehr verfügbar, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden.
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm\Parameters                                                                                                                                                 
Reg            HKLM\SYSTEM\ControlSet003\Services\qmvgm\Parameters@ServiceDll                                                                                                                                      C:\WINDOWS\system32\honmurv.dll

---- EOF - GMER 1.0.15 ----

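A small triage script for the kind of GMER output posted above, added here as an example (it is not part of the thread and not GMER's own code): it parses GMER's "Reg" lines and its hidden "Service" lines, then flags svchost-hosted services whose ServiceDll is not on a known-good list, which is exactly the qhrlk/qmvgm -> honmurv.dll pattern in this log. The sample log inside is constructed (padding collapsed, plus a benign lanmanserver entry for contrast) and the DLL allowlist is an assumption, not an authoritative list.

```python
"""Triage helper for GMER registry/service output (added example, not GMER code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample in the shape GMER 1.0.15 prints, with the column
# padding collapsed. The qhrlk lines mirror the posted log; lanmanserver
# is a benign control entry (Server service, hosted by svchost via srvsvc.dll).
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service   C:\WINDOWS\system32\svchost.exe (*** hidden *** )   [DISABLED] qhrlk   <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@DisplayName   Helper Center
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@Type   32
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@Start   4
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@ImagePath   %SystemRoot%\system32\svchost.exe -k netsvcs
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk@ObjectName   LocalSystem
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk\Parameters
Reg   HKLM\SYSTEM\CurrentControlSet\Services\qhrlk\Parameters@ServiceDll   C:\WINDOWS\system32\honmurv.dll
Reg   HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver@ImagePath   %SystemRoot%\system32\svchost.exe -k netsvcs
Reg   HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters@ServiceDll   %SystemRoot%\system32\srvsvc.dll
"""

# 'Reg' line: key, then two or more spaces, then the data (which may contain spaces).
REG_LINE = re.compile(r"^Reg\s+(?P<key>\S+)(?:\s{2,}(?P<data>.*?))?\s*$")
# Key of the form ...\Services\<name>[\Parameters][@ValueName]
SERVICE_KEY = re.compile(
    r"\\Services\\(?P<name>[^\\@]+)(?:\\Parameters)?(?:@(?P<value>\w+))?$")
# Services-section line that GMER marks as hidden from the service API.
HIDDEN_LINE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<state>[A-Z]+)\]\s+(?P<name>\S+)")

# Assumed, deliberately short allowlist of DLLs legitimately hosted by svchost
# on Windows XP. A real triage compares against a baseline from a clean install.
KNOWN_SVCHOST_DLLS: Set[str] = {
    "srvsvc.dll", "wkssvc.dll", "schedsvc.dll", "wuauserv.dll",
    "qmgr.dll", "sens.dll", "browser.dll",
}


@dataclass
class ServiceEntry:
    name: str
    values: Dict[str, str] = field(default_factory=dict)  # DisplayName, Start, ImagePath, ServiceDll, ...
    hidden: bool = False


def parse_gmer(text: str) -> Dict[str, ServiceEntry]:
    """Collect per-service registry values and hidden-service markers from a GMER log."""
    services: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        hidden = HIDDEN_LINE.match(line)
        if hidden:
            services.setdefault(hidden["name"], ServiceEntry(hidden["name"])).hidden = True
            continue
        reg = REG_LINE.match(line)
        if not reg:
            continue
        key = SERVICE_KEY.search(reg["key"])
        if not key or not key["value"]:
            continue  # not a service key, or a bare subkey line such as ...\qhrlk\Parameters
        entry = services.setdefault(key["name"], ServiceEntry(key["name"]))
        entry.values[key["value"]] = (reg["data"] or "").strip()
    return services


def assess(services: Dict[str, ServiceEntry],
           allowlist: Set[str] = KNOWN_SVCHOST_DLLS) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    findings: Dict[str, List[str]] = {}
    for name, svc in services.items():
        reasons: List[str] = []
        if svc.hidden:
            reasons.append("hidden from the service API (GMER '*** hidden ***')")
        image = svc.values.get("ImagePath", "").lower()
        dll = svc.values.get("ServiceDll", "")
        if "svchost.exe" in image and dll:
            if dll.rsplit("\\", 1)[-1].lower() not in allowlist:
                reasons.append(f"svchost-hosted service loads unrecognised ServiceDll {dll}")
        # Start=4 only marks the service disabled (what GMER's Disable sets); the
        # key and the DLL stay on disk, which is why it can return under a new name.
        if reasons and svc.values.get("Start") == "4":
            reasons.append("already disabled (Start=4) but the key and ServiceDll still exist")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in assess(parse_gmer(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Running it against a full GMER log works the same way: pass the file contents to parse_gmer and review whatever assess reports before deciding on removal.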

Chronic 09.11.2009 16:38

Here is the second half of the Gmer log:

Code:

GMER 1.0.15.14966 - h**p://www.gmer.net
Rootkit scan 2009-11-09 12:41:40
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.15 ----

File            C:\RRbackups\Documents and Settings                                                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\All Users                                                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten                                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft                                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_616dc56a-40ba-4012-9d57-c85dcb645ead                                52 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_616dc56a-40ba-4012-9d57-c85dcb645ead                                    57 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_616dc56a-40ba-4012-9d57-c85dcb645ead                                    56 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_616dc56a-40ba-4012-9d57-c85dcb645ead                                    917 bytes
File            C:\RRbackups\Documents and Settings\Besitzer                                                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Besitzer\Anwendungsdaten                                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Besitzer\Anwendungsdaten\Microsoft                                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Besitzer\Anwendungsdaten\Microsoft\Crypto                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Default User                                                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten                                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                          24 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003\9470c6f5-2c0d-4338-aad6-398ca7803aaf                              388 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003\Preferred                                                          24 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003\dcfb8abd-7add-415c-a4e8-99c018e1e0d1                              388 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003\Preferred                                                          24 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\****                                                                                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten                                                                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006\2873ef1b85385bb8dcd69fa43fcf9476_616dc56a-40ba-4012-9d57-c85dcb645ead  1297 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006\2e2805b80db2b74a83312d48743cb9db_616dc56a-40ba-4012-9d57-c85dcb645ead  46 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006\6b29ae44e85efac3c72ff4d1865d73f1_616dc56a-40ba-4012-9d57-c85dcb645ead  53 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006\83aa4cc77f591dfc2374580bbd95f6ba_616dc56a-40ba-4012-9d57-c85dcb645ead  45 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2172647754-1684616302-2592667894-1006\8f71098770f72c7a67cd8f1151619865_616dc56a-40ba-4012-9d57-c85dcb645ead  54 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                                24 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003\9470c6f5-2c0d-4338-aad6-398ca7803aaf                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-1927922163-4174163532-2867104960-1003\Preferred                                                                24 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\0ea395da-1762-4361-bf86-d4e38df253fc                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\18b3e4e8-41d8-49e8-b531-9d90974719f9                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\5ea4de69-4424-4ec6-b716-64f95c1bcbf3                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\da55f756-c413-431f-a97a-18487c53cf6d                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\eacbbe59-f023-454a-8d27-64e5fc59f7df                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2172647754-1684616302-2592667894-1006\Preferred                                                                24 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003\dcfb8abd-7add-415c-a4e8-99c018e1e0d1                                      388 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2902354116-2224753999-2501214747-1003\Preferred                                                                24 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\ThinkVantage                                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\ThinkVantage\Client Security                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\****\Anwendungsdaten\ThinkVantage\Client Security\hibernation.dat                                                                                              4 bytes
File            C:\RRbackups\Documents and Settings\LocalService                                                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten                                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService                                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                              0 bytes
File            C:\RRbackups\hints.dat                                                                                                                                                                              8192 bytes
File            C:\RRbackups\regcerts.dat                                                                                                                                                                            8192 bytes
File            C:\RRbackups\SAM                                                                                                                                                                                    262144 bytes
File            C:\RRbackups\system                                                                                                                                                                                  4456448 bytes
File            C:\RRbackups\system.dat                                                                                                                                                                              12288 bytes
File            C:\RRbackups\tvt.txt                                                                                                                                                                                6540 bytes
File            C:\RRbackups\usersids.dat                                                                                                                                                                            10400 bytes

---- EOF - GMER 1.0.15 ----


Angel21 09.11.2009 17:21

Avenger instructions (by swandog46)

Download the tool Hopsassa and save it on the desktop:
  • Now copy the following text into the white field at -> "input script here"
Code:

drivers to delete:
qhrlk
qmvgm

http://saved.im/mzi3ndg3nta0/aven.jpg
  • Now close all programs and browser windows
  • To start the Avenger, click on -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted, you will find a report from the Avenger at -> C:\avenger.txt
  • Open the file in Notepad and copy the entire text into your post here on the Trojaner-Board.

After Avenger, please also run Malwarebytes Anti-Malware with a full scan.

Post the logs from:
1. Avenger
2. Malwarebytes

Chronic 09.11.2009 20:19

Avenger Log:

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
h**p://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "qhrlk" deleted successfully.
Driver "qmvgm" deleted successfully.
Driver "gwkjbob" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Malware Log: (Nothing found, everything was already cleaned up before) :)

Code:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3134
Windows 5.1.2600 Service Pack 2

09.11.2009 20:15:38
mbam-log-2009-11-09 (20-15-38).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 146362
Laufzeit: 19 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Angel21 09.11.2009 20:26

Start - Run - type "regedit" - at the top click "Edit", then go to Find and type "netsvcs"; then please export that key so that I can look at the details of the registry key.

Chronic 09.11.2009 22:55

Code:

Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 09.11.2009 - 18:37
Wert 0
  Name: HTTPFilter
  Typ: REG_MULTI_SZ
  Daten: HTTPFilter

Wert 1
  Name: LocalService
  Typ: REG_MULTI_SZ
  Daten: Alerter
                  WebClient
                  LmHosts
                  RemoteRegistry
                  upnphost
                  SSDPSRV

Wert 2
  Name: NetworkService
  Typ: REG_MULTI_SZ
  Daten: DnsCache

Wert 3
  Name: netsvcs
  Typ: REG_MULTI_SZ
  Daten: 6to4
                  AppMgmt
                  AudioSrv
                  Browser
                  CryptSvc
                  DMServer
                  DHCP
                  ERSvc
                  EventSystem
                  FastUserSwitchingCompatibility
                  HidServ
                  Ias
                  Iprip
                  Irmon
                  LanmanServer
                  LanmanWorkstation
                  Messenger
                  Netman
                  Nla
                  Ntmssvc
                  NWCWorkstation
                  Nwsapagent
                  Rasauto
                  Rasman
                  Remoteaccess
                  Schedule
                  Seclogon
                  SENS
                  Sharedaccess
                  SRService
                  Tapisrv
                  Themes
                  TrkWks
                  W32Time
                  WZCSVC
                  Wmi
                  WmdmPmSp
                  winmgmt
                  wscsvc
                  xmlprov
                  BITS
                  wuauserv
                  ShellHWDetection
                  helpsvc
                  WmdmPmSN
                  qmvgm
                  qhrlk
                  gwkjbob

Wert 4
  Name: DcomLaunch
  Typ: REG_MULTI_SZ
  Daten: DcomLaunch
                  TermService

Wert 5
  Name: rpcss
  Typ: REG_MULTI_SZ
  Daten: RpcSs

Wert 6
  Name: imgsvc
  Typ: REG_MULTI_SZ
  Daten: StiSvc

Wert 7
  Name: termsvcs
  Typ: REG_MULTI_SZ
  Daten: TermService


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 10:44
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1

Wert 1
  Name: DefaultRpcStackSize
  Typ: REG_DWORD
  Daten: 0x8


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 11:39
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 11:39
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1

Wert 1
  Name: AuthenticationCapabilities
  Typ: REG_DWORD
  Daten: 0x2000


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 10:44
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1

Wert 1
  Name: AuthenticationCapabilities
  Typ: REG_DWORD
  Daten: 0x3020


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 10:46
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x2

Wert 1
  Name: AuthenticationCapabilities
  Typ: REG_DWORD
  Daten: 0x40


Schlüsselname: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 11.08.2004 - 10:44
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1

Wert 1
  Name: DefaultRpcStackSize
  Typ: REG_DWORD
  Daten: 0x8
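
As an added example (not part of this thread and not one of the tools used in it): a small Python script that parses a regedit text export of the SvcHost key in the layout posted above and lists the netsvcs entries that are not part of the stock Windows XP SP2 group. The export embedded in the script is constructed to mirror the layout of the one in this post (abbreviated); the baseline list is assumed to be that of a standard XP SP2 installation and should be checked against a known-clean machine before a mismatch is treated as malicious.

```python
"""Flag names in the SvcHost "netsvcs" group that a stock XP SP2 system does not have.

Added example: parses a regedit text export (German "Schlüsselname/Wert/Name/Typ/Daten"
layout; the English "Key Name/Value/Name/Type/Data" layout is accepted too) and compares
the netsvcs list against a baseline.
"""
import re

# Baseline netsvcs group of a stock Windows XP SP2 installation.
# Assumption: taken from a known-clean XP SP2 system; confirm it against your own
# reference machine before treating a mismatch as malicious.
XP_SP2_NETSVCS = frozenset("""
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService
Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN
""".split())

# Constructed sample export, abbreviated but in the same layout as a regedit text export.
SAMPLE_EXPORT = """\
Schlüsselname: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 09.11.2009 - 18:37
Wert 0
  Name: LocalService
  Typ: REG_MULTI_SZ
  Daten: Alerter
                  WebClient
                  LmHosts

Wert 1
  Name: netsvcs
  Typ: REG_MULTI_SZ
  Daten: 6to4
                  AppMgmt
                  AudioSrv
                  Browser
                  CryptSvc
                  helpsvc
                  WmdmPmSN
                  qmvgm
                  qhrlk
                  gwkjbob

Schlüsselname: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost\\netsvcs
Klassenname: <KEINE KLASSE>
Wert 0
  Name: CoInitializeSecurityParam
  Typ: REG_DWORD
  Daten: 0x1
"""

KEY_LINE = re.compile(r"(Schlüsselname|Key Name):\s*(.*)")
FIELD_LINE = re.compile(r"(Name|Typ|Type|Daten|Data):\s*(.*)")


def parse_svchost_export(text):
    """Return {value_name: [entries]} for the values directly under ...\\SvcHost.

    REG_MULTI_SZ data is spread over one "Daten:" line plus indented continuation
    lines; a blank line ends the value.  Sub-keys such as SvcHost\\netsvcs only
    hold COM security settings and are skipped.
    """
    groups = {}
    current_key = None
    current_value = None
    in_multi = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_multi = False
            continue
        key_match = KEY_LINE.match(line)
        if key_match:
            current_key = key_match.group(2).strip()
            current_value = None
            in_multi = False
            continue
        if current_key is None or not current_key.upper().endswith("\\SVCHOST"):
            continue
        field_match = FIELD_LINE.match(line)
        if field_match:
            field, value = field_match.groups()
            if field == "Name":
                current_value = value
                groups[current_value] = []
                in_multi = False
            elif field in ("Daten", "Data") and current_value is not None:
                groups[current_value].append(value)
                in_multi = True
            continue
        # Indented line while inside a multi-string value: another list entry.
        if in_multi and current_value is not None and raw[:1].isspace():
            groups[current_value].append(line)
    return groups


def flag_unexpected(netsvcs, baseline=XP_SP2_NETSVCS):
    """Return (position, name) for every netsvcs entry missing from the baseline.

    Service names are case-insensitive, so the comparison is too.  The position is
    kept because names added by malware sit at the tail of the list.
    """
    known = {name.lower() for name in baseline}
    return [(pos, name) for pos, name in enumerate(netsvcs)
            if name.lower() not in known]


if __name__ == "__main__":
    svchost_groups = parse_svchost_export(SAMPLE_EXPORT)
    for pos, name in flag_unexpected(svchost_groups.get("netsvcs", [])):
        print(f"netsvcs[{pos}] = {name!r} is not in the XP SP2 baseline")
```

The three names that fall out of the comparison are the ones at the tail of the list, which is where a service added to the group after installation ends up; they are the same three that the Avenger script in this thread removed. A name flagged here is a lead, not a verdict: look up HKLM\SYSTEM\CurrentControlSet\Services\<name> and the file it points to before deciding it does not belong.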


Angel21 10.11.2009 14:46

Please create an RSIT logfile; I need an exact overview of your system. For now I only need the Log.txt that RSIT creates.

Chronic 10.11.2009 19:19

RSIT Log: Part 1

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by **** at 2009-11-10 19:09:43
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 35 GB (68%) free of 52 GB
Total RAM: 502 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:51, on 10.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\ThinkVantage\AMSG\Amsg.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\****\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\****.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = h**p://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauthe] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=h**p://www.lenovo.com/de/de
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76D8461C-8D60-4047-9BBA-0A5AD015F0E1}: NameServer = 195.34.133.21 212.186.211.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 9200 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Programme\Lenovo\TrackPoint\tp4serv.exe [2008-03-04 92960]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-24 237568]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-03-09 94208]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"suScheduler"=C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe [2005-08-01 40960]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2006-03-23 106496]
"AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2005-11-14 487424]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"ISUSPM Startup"=c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-03-23 69632]
"cssauthe"=C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe [2005-12-21 1988144]
"PDService.exe"=C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2006-04-17 409600]
"ACWLIcon"=C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-04-17 98304]
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"CnxDslTaskBar"=C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe [2003-07-31 458752]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Programme\Brother\ControlCenter2\brctrcen.exe [2005-07-22 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-03-01 196710]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-18 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programme\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Programme\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2005-10-28 864256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Programme\Trojan Remover\Trjscan.exe [2009-08-04 1068424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2005-06-04 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^****^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-07-14 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Programme\Lenovo\AwayTask\AwayNotify.dll [2006-03-23 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfye

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\SoulseekNS\slsk.exe"="C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e92908-ad13-11de-aff6-00a0c5d0ad95}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e92909-ad13-11de-aff6-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b365071-cbb0-11de-b0ae-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0828355-a512-11de-afde-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6ffaf0-1957-11de-af7a-0016cf62d30c}]
shell\verb1\command - E:\desktop.exe


Chronic 10.11.2009 19:20

RSIT Log: Part 2

Code:

======List of files/folders created in the last 3 months======

2009-11-10 19:09:43 ----D---- C:\rsit
2009-11-10 19:05:19 ----A---- C:\avenger.txt
2009-11-09 16:19:58 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem.txt
2009-11-09 11:18:02 ----D---- C:\Avenger
2009-11-09 00:40:18 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QuickScan
2009-11-08 21:57:48 ----D---- C:\Programme\HDCleaner
2009-11-08 21:51:45 ----SHD---- C:\Config.Msi
2009-11-07 14:16:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2009-11-07 13:18:08 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InterVideo
2009-11-04 14:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-03 21:53:38 ----D---- C:\WINDOWS\system32\TVUAx
2009-11-03 12:10:35 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-03 12:10:27 ----A---- C:\rapport.txt
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-11-03 12:09:09 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-03 12:09:09 ----A---- C:\WINDOWS\system32\Process.exe
2009-11-02 21:40:19 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
2009-11-02 21:40:13 ----D---- C:\Programme\Spyware Doctor
2009-10-30 11:18:07 ----D---- C:\WINDOWS\BDOSCAN8
2009-10-29 12:28:19 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\WinRAR
2009-10-29 12:27:45 ----D---- C:\Programme\WinRAR
2009-10-27 14:26:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-10-27 14:25:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-26 19:13:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-26 14:53:28 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 14:52:43 ----D---- C:\Programme\Lavasoft
2009-10-26 00:00:43 ----D---- C:\Programme\Lavalys
2009-10-25 15:32:34 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-10-25 15:32:34 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-10-25 15:32:31 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-10-25 15:32:31 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-25 15:32:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-10-25 15:32:28 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-10-25 15:32:26 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-10-25 15:32:23 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-10-25 15:32:23 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-10-25 15:32:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-10-25 15:32:19 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-10-25 15:32:14 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-10-25 15:32:08 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-10-25 15:32:08 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-10-25 15:31:52 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-10-25 15:31:50 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-10-25 15:31:49 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-10-25 15:31:48 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-10-25 15:31:45 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-10-25 15:31:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-25 15:31:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-10-25 15:31:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-25 15:31:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-10-25 15:31:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-10-25 15:31:39 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-10-25 13:33:59 ----HD---- C:\WINDOWS\msdownld.tmp
2009-10-25 01:08:28 ----D---- C:\WINDOWS\Logs
2009-10-25 01:05:13 ----HD---- C:\WINDOWS\PIF
2009-10-24 23:44:18 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TrojanHunter
2009-10-24 22:31:54 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-10-24 22:31:54 ----D---- C:\Programme\TrojanHunter 5.2
2009-10-24 21:28:01 ----D---- C:\WINDOWS\Minidump
2009-10-24 15:23:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-10-19 17:56:54 ----D---- C:\Programme\HooTech
2009-10-15 23:00:29 ----D---- C:\Programme\iTunes
2009-10-15 22:58:21 ----D---- C:\Programme\Apple Software Update
2009-10-15 22:58:02 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-15 22:57:45 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-10-15 02:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-15 02:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 02:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 02:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 02:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 02:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 02:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 02:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 02:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 02:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 23:13:54 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\MxBoost
2009-10-11 22:02:43 ----D---- C:\Programme\Gemeinsame Dateien\Real
2009-10-11 22:02:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Storm
2009-10-11 21:55:07 ----D---- C:\Programme\Maxthon2
2009-10-11 21:53:56 ----A---- C:\WINDOWS\libem.INI
2009-10-11 21:53:16 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\BITS
2009-10-11 21:52:59 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashGetBHO
2009-10-11 21:52:57 ----D---- C:\Programme\FlashGet Network
2009-10-11 21:52:57 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashGet
2009-10-11 21:51:54 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashgetSetup
2009-10-10 20:27:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-10 20:27:47 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-10 20:21:55 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Apple Computer
2009-10-10 20:20:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 20:20:07 ----D---- C:\Programme\Bonjour
2009-10-10 20:19:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-10-10 20:17:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-10-10 17:27:29 ----D---- C:\Programme\Veetle
2009-10-09 23:04:15 ----D---- C:\Games
2009-10-05 20:07:41 ----D---- C:\FavoriteVideo
2009-10-05 20:07:32 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PPLiveVA
2009-10-05 20:05:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLiveVA
2009-10-04 21:45:44 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\StreamTorrent
2009-09-30 19:53:25 ----D---- C:\WINDOWS\system32\PPLive
2009-09-29 17:17:31 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3
2009-09-27 19:28:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-09-27 19:27:57 ----D---- C:\Programme\SoulseekNS
2009-09-16 13:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-16 13:00:28 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\muweb.dll
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-15 11:33:23 ----D---- C:\Programme\Microsoft
2009-09-15 11:33:08 ----D---- C:\Programme\Windows Live SkyDrive
2009-09-15 11:32:47 ----D---- C:\Programme\Windows Live
2009-09-15 11:28:19 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live
2009-09-14 16:25:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-13 13:00:45 ----D---- C:\WINDOWS\ie7updates
2009-09-12 22:34:03 ----D---- C:\WINDOWS\WBEM
2009-09-12 22:34:01 ----D---- C:\WINDOWS\system32\de-de
2009-09-12 22:33:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-09-12 22:32:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-09-12 22:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-09-12 22:32:00 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-09-12 22:30:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2009-09-12 17:19:19 ----D---- C:\Programme\SopCast
2009-09-12 17:08:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-09-10 14:21:03 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-10 14:03:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-10 13:49:56 ----D---- C:\Programme\Trend Micro
2009-09-09 18:16:27 ----D---- C:\Programme\TVAnts
2009-09-09 13:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 13:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 13:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 18:02:33 ----D---- C:\WINDOWS\Sun
2009-09-08 11:48:38 ----D---- C:\Programme\Crawler
2009-09-08 11:37:27 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-09-06 18:54:23 ----D---- C:\Programme\WinHTTrack
2009-09-06 14:22:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-06 13:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-06 13:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-06 13:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-06 13:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-06 13:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-06 13:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-06 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-09-06 13:06:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-06 13:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-06 13:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-06 13:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-06 13:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-06 13:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-06 13:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-06 13:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-06 13:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-06 13:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-06 13:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-06 13:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-06 13:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-06 13:04:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-09-06 13:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-06 13:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-06 13:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-06 13:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-06 13:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-06 13:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-06 13:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-09-06 13:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-06 13:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-06 13:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-06 13:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-06 13:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-06 13:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-06 13:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-06 13:01:38 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-06 13:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-06 13:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-06 13:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-06 13:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-06 13:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-06 13:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-06 13:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-06 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-06 13:00:58 ----D---- C:\Programme\MSXML 4.0
2009-09-06 13:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-06 13:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-06 13:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-06 13:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 12:35:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-06 12:33:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-06 12:13:24 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-06 12:12:59 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-06 12:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-06 10:33:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-09-06 01:43:37 ----D---- C:\Programme\DCleaner
2009-09-06 00:18:00 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia
2009-09-05 23:49:41 ----D---- C:\Programme\Inode
2009-09-05 23:09:14 ----N---- C:\CnxUnist.exe
2009-09-05 23:09:14 ----N---- C:\CnxMfdCo.dll
2009-09-05 23:09:14 ----N---- C:\CnxHwIo.dll
2009-09-05 23:09:14 ----N---- C:\CnxDslWz.dll
2009-09-05 23:09:14 ----N---- C:\CnxDslTb.exe
2009-09-05 23:09:14 ----N---- C:\CnxClsCo.dll
2009-09-05 23:09:14 ----N---- C:\CnxAdslL.exe
2009-09-05 23:09:14 ----A---- C:\WINDOWS\system32\CnxHwIo.dll
2009-09-05 23:09:14 ----A---- C:\WINDOWS\system32\CnxClsCo.dll
2009-09-05 20:29:49 ----D---- C:\Programme\ZyXEL
2009-09-05 19:56:16 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla
2009-09-05 13:49:13 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-09-05 13:37:08 ----D---- C:\Programme\Trojan Remover
2009-09-05 13:37:08 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Simply Super Software
2009-09-05 13:37:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-09-05 11:08:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-05 11:08:16 ----D---- C:\Programme\Java
2009-09-05 11:08:06 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun
2009-09-05 11:06:07 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
2009-09-05 11:06:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-05 11:05:46 ----D---- C:\Programme\ClearProg
2009-09-05 11:04:50 ----D---- C:\Programme\CCleaner
2009-09-05 11:03:52 ----D---- C:\Programme\Mozilla Firefox
2009-09-05 10:55:18 ----D---- C:\WINDOWS\pss


Chronic 10.11.2009 19:21

RSIT Log: Part 3

Code:

======List of files/folders modified in the last 3 months======

2009-11-10 19:08:50 ----D---- C:\WINDOWS\Prefetch
2009-11-10 19:06:55 ----RSHD---- C:\RRbackups
2009-11-10 19:06:46 ----SD---- C:\WINDOWS\Tasks
2009-11-10 19:05:51 ----SD---- C:\RECYCLER
2009-11-10 19:05:51 ----AD---- C:\WINDOWS\Temp
2009-11-10 19:05:43 ----AD---- C:\WINDOWS
2009-11-10 19:05:41 ----SHD---- C:\System Volume Information
2009-11-10 19:05:41 ----D---- C:\WINDOWS\system32\Restore
2009-11-10 19:05:19 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 19:04:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 18:49:27 ----AD---- C:\WINDOWS\system32
2009-11-10 14:09:31 ----SD---- C:\Recycled
2009-11-10 12:16:30 ----D---- C:\IBMSHARE
2009-11-09 00:32:30 ----N---- C:\BOOT.INI
2009-11-09 00:32:30 ----A---- C:\WINDOWS\win.ini
2009-11-09 00:32:30 ----A---- C:\WINDOWS\system.ini
2009-11-08 21:57:48 ----RD---- C:\Programme
2009-11-08 21:51:44 ----SHD---- C:\WINDOWS\Installer
2009-11-08 20:41:36 ----HD---- C:\WINDOWS\inf
2009-11-08 16:52:31 ----SD---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
2009-11-07 15:54:52 ----D---- C:\IBMWORK
2009-11-06 13:07:14 ----D---- C:\Dokumente und Einstellungen
2009-11-04 14:00:41 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-04 13:24:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 17:43:29 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org2
2009-11-02 21:40:19 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-01 12:54:16 ----D---- C:\Programme\Google
2009-10-30 11:18:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-27 18:56:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-26 13:06:36 ----D---- C:\WINDOWS\Debug
2009-10-25 22:18:24 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-10-25 15:32:35 ----D---- C:\WINDOWS\system32\DirectX
2009-10-24 17:48:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-24 15:23:28 ----D---- C:\WINDOWS\WinSxS
2009-10-21 01:15:57 ----D---- C:\WINDOWS\Help
2009-10-20 00:59:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-15 02:11:38 ----D---- C:\Programme\Internet Explorer
2009-10-02 06:37:49 ----RSD---- C:\WINDOWS\Fonts
2009-09-25 06:49:01 ----A---- C:\WINDOWS\system32\wininet.dll
2009-09-25 06:49:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-09-25 06:49:00 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-09-25 06:49:00 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-25 06:48:59 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-09-25 06:48:59 ----A---- C:\WINDOWS\system32\mstime.dll
2009-09-25 06:48:58 ----A---- C:\WINDOWS\system32\msrating.dll
2009-09-25 06:48:58 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\inseng.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\danim.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\browseui.dll
2009-09-20 19:44:40 ----D---- C:\Programme\Gemeinsame Dateien\printFIT Shared
2009-09-20 12:09:08 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-18 11:05:01 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-09-15 11:33:13 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-09-15 11:33:13 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-09-15 11:32:34 ----D---- C:\WINDOWS\pchealth
2009-09-12 22:34:06 ----D---- C:\WINDOWS\system32\config
2009-09-12 22:33:59 ----D---- C:\WINDOWS\Media
2009-09-11 15:06:50 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-06 14:20:35 ----D---- C:\WINDOWS\system32\wbem
2009-09-06 14:20:35 ----D---- C:\WINDOWS\AppPatch
2009-09-06 13:06:38 ----D---- C:\Programme\Messenger
2009-09-06 13:02:17 ----D---- C:\Programme\Outlook Express
2009-09-06 12:29:21 ----D---- C:\WINDOWS\system32\oldcatroot2
2009-09-06 10:33:44 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-06 00:18:00 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe
2009-09-05 12:09:17 ----A---- C:\WINDOWS\system32\svchost.ini
2009-09-04 21:45:26 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-26 09:14:38 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-21 07:50:37 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 40192]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-01-17 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-01-17 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-03-23 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-02-27 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-18 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-03-23 5120]
R2 smi2;smi2; \??\C:\Programme\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-31 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470208]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-07-31 103366]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys [2005-12-06 936448]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-11 10112]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-03-04 22568]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-06 670208]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 fyhwxynr;fyhwxynr; \??\C:\WINDOWS\system32\01.tmp []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-04-17 40960]
R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2006-04-17 151552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-01 626810]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-11 73782]
R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2006-03-23 73728]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-02 1179232]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TVT Backup Service;TVT Backup Service; C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe [2005-12-21 77824]
R2 UCLauncherService;ThinkVantage System Update; C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe [2005-08-01 40960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-08 36864]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\programme\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect-Hilfsprogramm; C:\Programme\Windows Media Connect\mswmcls.exe [2004-08-10 28160]

-----------------EOF-----------------
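
The driver list above contains the one entry that matters for this thread: `S3 fyhwxynr;fyhwxynr; \??\C:\WINDOWS\system32\01.tmp []`, a demand-start kernel driver with a random-looking name, no description, and an image that is a .tmp file in system32 which RSIT could not find on disk (the empty `[]`). Reading a 400-line RSIT dump by eye is error-prone, so what follows is an added example in Python, not part of this thread and not part of RSIT, that parses lines in RSIT's driver/service format and scores them on exactly those properties. The sample lines are copied from the listing above; the scoring weights and the threshold are this example's own choices, and the EverestDriver line is included to show that a missing image on its own (a leftover from an uninstalled tool) stays below the threshold.

```python
import re

# Constructed sample: lines copied from the RSIT driver list on this page, in RSIT's
# "<state><start> <name>;<description>; <image path> [<date> <size>]" format.
# An empty "[]" means RSIT could not stat the image file.
SAMPLE_DRIVER_LINES = r"""
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470208]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-06 670208]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 fyhwxynr;fyhwxynr; \??\C:\WINDOWS\system32\01.tmp []
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_driver_line(line):
    """Split one RSIT driver/service line into its fields, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # RSIT prints ImagePath verbatim; strip the NT object-manager prefix "\??\".
    entry["path"] = entry["path"].replace("\\??\\", "")
    entry["found"] = bool(entry["meta"].strip())  # "[]" => file not present
    return entry


def looks_random(token):
    """Crude entropy proxy: 5+ lowercase letters with fewer than 25% vowels."""
    if len(token) < 5 or not token.isalpha() or not token.islower():
        return False
    return sum(ch in "aeiou" for ch in token) / len(token) < 0.25


def score_driver(entry):
    """Return (score, reasons). Weights are this example's own, not RSIT's."""
    reasons = []
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    if base.endswith(".tmp") or "\\temp\\" in path:
        reasons.append(("kernel image is a temp file", 3))
    if not entry["found"]:
        reasons.append(("image file missing or unreadable", 1))
    if not base.endswith(".sys"):
        reasons.append(("non-.sys kernel image", 1))
    if entry["desc"] == entry["name"] and looks_random(entry["name"]):
        reasons.append(("random-looking name with no description", 2))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(lines, threshold=3):
    """Return [(name, score, reasons)] for every entry at or above the threshold."""
    findings = []
    for line in lines:
        entry = parse_driver_line(line)
        if entry is None:
            continue
        score, reasons = score_driver(entry)
        if score >= threshold:
            findings.append((entry["name"], score, reasons))
    return findings


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_DRIVER_LINES):
        print(f"{name}: score {score}: {'; '.join(reasons)}")
```

A hit like this is a registry persistence item, not just a file: the `Services\fyhwxynr` key is what makes the kernel load the image again, so removing the .tmp alone is not enough. The Avenger log further down in this thread shows the same thing from the other side: the file was already gone, but the driver entry still existed and had to be deleted.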


Angel21 10.11.2009 19:33

We will need to make changes in the registry, so:

Download the tool ERUNT by Lars Hederer.
Install this tool.
Now start erunt.exe and use it to make a registry backup into the default folder.
Under the backup options, tick all 3 of the choices.

Please do NOT add the program to system startup.

Chronic 10.11.2009 20:17

Quote:

Originally posted by Angel21 (post 479580)
We will need to make changes in the registry, so:

Download the tool ERUNT by Lars Hederer.
Install this tool.
Now start erunt.exe and use it to make a registry backup into the default folder.
Under the backup options, tick all 3 of the choices.

Please do NOT add the program to system startup.

Okay, done!

Angel21 10.11.2009 20:36

Go into the registry and, as you did last time, search for netsvcs. Open the netsvcs entry there; it contains a list.

From this list, delete the last three items at the very bottom:
  • qmvgm
  • qhrlk
  • gwkjbob

by selecting them, right-clicking and choosing "Delete".

A message will appear. Confirm this message with OK.

CAUTION, ONLY THESE 3 ITEMS; DESELECT ANYTHING ELSE!
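
Why the three names at the bottom of that list matter: a DLL-based service runs inside svchost.exe only if its name is listed in the `netsvcs` REG_MULTI_SZ under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost` and its `Services\<name>\Parameters\ServiceDll` points at the DLL. A dropper that appends its own name to that group gets its code loaded into a trusted, signed svchost process, which is exactly what the original poster's scanner reported as an "infected svchost.exe". The following Python is an added example, not part of this thread and not from any tool used in it, that takes an exported copy of the group list plus the matching ServiceDll values and flags entries that are outside a stock baseline, have no Services key at all, or point at temp or random-named DLLs. The baseline is partial and written from memory; the sample registry values are constructed for the example (the three rogue names come from the post above, their DLL paths do not).

```python
# Partial baseline of netsvcs group members on a stock Windows XP SP2 install,
# written from memory for this example; extend it from a known-clean machine at
# the same service-pack level before relying on it.
XP_NETSVCS_BASELINE = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wuauserv", "BITS", "ShellHWDetection", "helpsvc", "uploadmgr",
    "xmlprov", "wscsvc",
}

# Constructed sample: the netsvcs REG_MULTI_SZ and the ServiceDll value of each
# Services\<name>\Parameters key. The three trailing names are the ones removed
# in this thread; their DLL paths are placeholders, not values from the machine.
SAMPLE_NETSVCS = [
    "AppMgmt", "AudioSrv", "Browser", "Schedule", "wuauserv", "winmgmt",
    "qmvgm", "qhrlk", "gwkjbob",
]
SAMPLE_SERVICES = {
    "AppMgmt":  {"ServiceDll": r"%SystemRoot%\System32\appmgmts.dll"},
    "AudioSrv": {"ServiceDll": r"%SystemRoot%\System32\audiosrv.dll"},
    "Browser":  {"ServiceDll": r"%SystemRoot%\System32\browser.dll"},
    "Schedule": {"ServiceDll": r"%SystemRoot%\system32\schedsvc.dll"},
    "wuauserv": {"ServiceDll": r"%SystemRoot%\system32\wuauserv.dll"},
    "winmgmt":  {"ServiceDll": r"%SystemRoot%\system32\wbem\WMIsvc.dll"},
    "qmvgm":    {"ServiceDll": r"C:\WINDOWS\system32\bxfzrtq.dll"},          # placeholder
    "gwkjbob":  {"ServiceDll": r"C:\DOCUME~1\user\LOCALS~1\Temp\svc.dll"},  # placeholder
    # "qhrlk" deliberately has no Services key: an orphan group member.
}


def looks_random(token):
    """Crude entropy proxy: 5+ lowercase letters with fewer than 25% vowels."""
    if len(token) < 5 or not token.isalpha() or not token.islower():
        return False
    return sum(ch in "aeiou" for ch in token) / len(token) < 0.25


def dll_stem(path):
    """'C:\\x\\y\\foo.dll' -> 'foo'."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()


def audit_netsvcs(netsvcs, services, baseline=XP_NETSVCS_BASELINE):
    """Return {name: [reasons]} for every group member that deserves a look."""
    baseline_lc = {b.lower() for b in baseline}
    findings = {}
    for name in netsvcs:
        reasons = []
        known = name.lower() in baseline_lc
        if not known:
            reasons.append("not in stock netsvcs baseline")
            if looks_random(name):
                reasons.append("random-looking service name")
        svc = services.get(name)
        if svc is None:
            reasons.append("no Services key: orphan group member")
        else:
            dll = svc.get("ServiceDll", "")
            low = dll.lower()
            if not dll:
                reasons.append("no ServiceDll value")
            else:
                if "\\temp\\" in low or low.endswith(".tmp"):
                    reasons.append("ServiceDll lives in a temp location")
                if not known and looks_random(dll_stem(dll)):
                    reasons.append("random-looking ServiceDll name")
        if reasons:
            findings[name] = reasons
    return findings


def trailing_rogues(netsvcs, findings):
    """The run of flagged names at the end of the list, in list order.
    Droppers append to the REG_MULTI_SZ, which is why the rogue entries in this
    thread sat at the very bottom."""
    tail = []
    for name in reversed(netsvcs):
        if name not in findings:
            break
        tail.append(name)
    return tail[::-1]


if __name__ == "__main__":
    found = audit_netsvcs(SAMPLE_NETSVCS, SAMPLE_SERVICES)
    for name, reasons in found.items():
        print(f"{name}: {', '.join(reasons)}")
    print("trailing rogue run:", trailing_rogues(SAMPLE_NETSVCS, found))
```

On the live machine the two inputs come from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /v netsvcs` and, per name, `reg query "HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters" /v ServiceDll`. Removing a name from the group only stops svchost from loading it; the `Services\<name>` key and the DLL it points to should be removed as well, otherwise the entry is one registry write away from coming back.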

Chronic 10.11.2009 20:50

Quote:

Originally posted by Angel21 (post 479589)
Go into the registry and, as you did last time, search for netsvcs. Open the netsvcs entry there; it contains a list.

From this list, delete the last three items at the very bottom:
  • qmvgm
  • qhrlk
  • gwkjbob

by selecting them, right-clicking and choosing "Delete".

A message will appear. Confirm this message with OK.

CAUTION, ONLY THESE 3 ITEMS; DESELECT ANYTHING ELSE!

Okay, that is done; we can move on to the next point now.

But I have another question! In my Task Manager almost all processes have higher memory usage than before. Right after I restart my PC it is normal, then suddenly many jump to over 20,000 K, i.e. 10 times as much and more. What could be causing that?

Angel21 10.11.2009 20:53

Quote:

But I have another question! In my Task Manager almost all processes have higher memory usage than before. Right after I restart my PC it is normal, then suddenly many jump to over 20,000 K, i.e. 10 times as much and more. What could be causing that?
Maybe something is still active.

Let's start with the next point, namely SUPERAntiSpyware.
Have SASW scan your system with a full scan across all partitions. If it finds something, delete it. Post its log here in your thread.

I'll be back tomorrow around noon and will look at it, if you had time for SASW. If not, no problem :)

Chronic 10.11.2009 22:26

SUPERAntiSpyware log: (nothing found) :)

Code:

SUPERAntiSpyware Scan Log
h**p://www.superantispyware.com

Generated 11/10/2009 at 09:49 PM

Application Version : 4.29.1004

Core Rules Database Version : 4256
Trace Rules Database Version : 2143

Scan type       : Complete Scan
Total Scan Time : 00:19:09

Memory items scanned      : 230
Memory threats detected   : 0
Registry items scanned    : 4372
Registry threats detected : 0
File items scanned        : 17559
File threats detected     : 0

Thanks also for the "maybe something is still active". True: of all things it was my Ad-Aware that was acting up in Task Manager even though its icon wasn't even visible in the taskbar; I had to uninstall it.

Angel21 11.11.2009 15:21

Please uninstall SUPERAntiSpyware, then run the following scans again:

1.) Check the computer with Prevx CSI. Post a screenshot if anything is found, or post names and paths.

2.) Panda ActiveScan
The following page walks you through the installation: PandaActiveScan2.0 Installation

Click Scan now!

Registration is not required!

After the scan has finished, click the text icon Export and save the log to the desktop.
Open the file ActiveScan.txt, which is now on your desktop, and post its contents.
3.) http://www.trojaner-board.de/59299-a...eb-cureit.html

4.) Rootkit search with SysProt
  • Download SysProt to the desktop and start the tool
  • Go to the "Log" tab there
  • Now tick:
    • Kernel Modules
    • Kernel Hooks
    • Hidden Files
    • And at the bottom "Hidden Objects Only"
  • Now click "Create Log"
  • After a short scan a dialog window appears. Choose "Scan All Drives" there
  • When the scan has finished, close SysProt.
  • Post the entire contents of "SysProtLog.txt", which can be found on the desktop.

All logs to me, please :)

Chronic 11.11.2009 19:46

1. Prevx found nothing

2. Panda did, though; here is the log:

Code:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-11 19:41:52
PROTECTIONS: 0
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                      Active    Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139064  Cookie/Atlas DMT                  TrackingCookie      No        0        Yes            No          c:\recycled\****@atdmt[2].txt
00484705  Application/IEDefender            HackTools          No        0        Yes            No          c:\windows\system32\iedfix.c.exe
00921467  Generic Malware                    Virus/Trojan        No        0        Yes            No          c:\windows\system32\404fix.exe
04555092  W32/Conficker.B.worm              Virus/Worm          No        0        Yes            No          c:\system volume information\_restore{d73e0497-fefe-41f8-a0e0-47cc729408b0}\rp1\a0000017.dll
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity      Description
;===================================================================================================================================================================================
191613    HIGH          MS08-020
187733    HIGH          MS08-008
182046    HIGH          MS07-067
179553    HIGH          MS07-061
170904    HIGH          MS07-043
157260    HIGH          MS07-020
157259    HIGH          MS07-019
156477    HIGH          MS07-017
150249    HIGH          MS07-013
150248    HIGH          MS07-012
150247    HIGH          MS07-011
150243    HIGH          MS07-008
150242    HIGH          MS07-007
150241    MEDIUM        MS07-006
141033    MEDIUM        MS06-075
137571    HIGH          MS06-070
133379    HIGH          MS06-057
129977    MEDIUM        MS06-053
129976    MEDIUM        MS06-052
126092    MEDIUM        MS06-050
126087    HIGH          MS06-046
126086    MEDIUM        MS06-045
126082    HIGH          MS06-041
123421    HIGH          MS06-036
120818    HIGH          MS06-025
120815    HIGH          MS06-022
117384    MEDIUM        MS06-018
114666    HIGH          MS06-015
108744    MEDIUM        MS06-008
108742    MEDIUM        MS06-006
;===================================================================================================================================================================================

I'm not done with the other points yet; they'll follow! The Panda scan took a very long time.

The SysProt page doesn't seem to work > Error: PAGE NOT FOUND :(

Angel21 11.11.2009 19:56

Avenger instructions (by swandog46)

Download the tool Hopsassa and save it to the desktop:
  • Now copy the following text into the white field at -> "input script here"
Code:

drivers to disable:
fyhwxynr

drivers to delete:
fyhwxynr

files to delete:
C:\WINDOWS\system32\01.tmp

http://saved.im/mzi3ndg3nta0/aven.jpg
  • Now close all programs and browser windows
  • To start the Avenger, click -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted, you will find a report from the Avenger at -> C:\avenger.txt
  • Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.

Please delete everything that Panda found.

Chronic 12.11.2009 15:25

Avenger Log:

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
h**p://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "fyhwxynr" disabled successfully.
Driver "fyhwxynr" deleted successfully.

Error:  file "C:\WINDOWS\system32\01.tmp" not found!
Deletion of file "C:\WINDOWS\system32\01.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


3. Dr.Web log:

Code:

Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;

4. SysProt Log:

Code:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A0A6C000
Module End: A0B42000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Angel21 12.11.2009 15:34

How is your computer doing now? Has its condition improved yet?

Chronic 12.11.2009 16:03

Quote:

Originally posted by Angel21 (post 479933)
How is your computer doing now? Has its condition improved yet?

Gmer isn't finding anything at the moment. Do I have to disinfect the Process.exe finding in Dr.Web?

Seems to be a hacktool :D

Angel21 12.11.2009 16:19

Yes, you should remove the findings ;)

Chronic 12.11.2009 17:09

Quote:

Originally posted by Angel21 (post 479949)
Yes, you should remove the findings ;)

Thanks. At the moment everything seems to be fine with my PC.

Angel21 12.11.2009 17:54

Hold on :D

We're far from finished; a new RSIT log please, both logs, as attachments if you like :)

Chronic 12.11.2009 19:15

Quote:

Originally posted by Angel21 (post 479959)
Hold on :D

We're far from finished; a new RSIT log please, both logs, as attachments if you like :)

I guess I celebrated too soon :D

log.txt - part 1

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by **** at 2009-11-12 18:58:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 36 GB (69%) free of 52 GB
Total RAM: 502 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:13, on 12.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\****\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\****.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauthe] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/de/de
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 8793 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Programme\Lenovo\TrackPoint\tp4serv.exe [2008-03-04 92960]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-24 237568]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-03-09 94208]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"suScheduler"=C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe [2005-08-01 40960]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2006-03-23 106496]
"AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2005-11-14 487424]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"ISUSPM Startup"=c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-03-23 69632]
"cssauthe"=C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe [2005-12-21 1988144]
"PDService.exe"=C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2006-04-17 409600]
"ACWLIcon"=C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-04-17 98304]
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"CnxDslTaskBar"=C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe [2003-07-31 458752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Programme\Brother\ControlCenter2\brctrcen.exe [2005-07-22 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-03-01 196710]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-18 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programme\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Programme\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2005-10-28 864256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Programme\Trojan Remover\Trjscan.exe [2009-08-04 1068424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2005-06-04 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^****^Startmenü^Programme^Autostart^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^****^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-07-14 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Programme\Lenovo\AwayTask\AwayNotify.dll [2006-03-23 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfye

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\SoulseekNS\slsk.exe"="C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e92908-ad13-11de-aff6-00a0c5d0ad95}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e92909-ad13-11de-aff6-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b365071-cbb0-11de-b0ae-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0828355-a512-11de-afde-00a0c5d0ad95}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6ffaf0-1957-11de-af7a-0016cf62d30c}]
shell\verb1\command - E:\desktop.exe

-----------------EOF-----------------


Chronic 12.11.2009 19:17

log.txt - Part 2

Code:

======List of files/folders created in the last 3 months======

2009-11-11 22:36:56 ----D---- C:\Programme\a-squared Free
2009-11-11 22:09:32 ----A---- C:\avenger.txt
2009-11-11 22:07:41 ----A---- C:\zip.exe
2009-11-11 22:07:41 ----A---- C:\cleanup.exe
2009-11-11 22:07:41 ----A---- C:\cleanup.bat
2009-11-11 18:06:37 ----D---- C:\Programme\Panda Security
2009-11-11 17:52:04 ----SHD---- C:\Config.Msi
2009-11-11 07:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-10 21:16:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-11-10 21:16:02 ----D---- C:\Programme\SUPERAntiSpyware
2009-11-10 21:16:02 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com
2009-11-10 20:08:18 ----D---- C:\WINDOWS\ERDNT
2009-11-10 20:04:49 ----D---- C:\Programme\ERUNT
2009-11-10 19:09:43 ----D---- C:\rsit
2009-11-10 19:05:19 ----A---- C:\avenger1a.txt
2009-11-09 11:18:02 ----D---- C:\Avenger
2009-11-09 00:40:18 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QuickScan
2009-11-08 21:57:48 ----D---- C:\Programme\HDCleaner
2009-11-07 14:16:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2009-11-07 13:18:08 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InterVideo
2009-11-04 14:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-03 12:10:35 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-03 12:10:27 ----A---- C:\rapport.txt
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-11-03 12:09:10 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-03 12:09:09 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-02 21:40:19 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
2009-11-02 21:40:13 ----D---- C:\Programme\Spyware Doctor
2009-10-30 11:18:07 ----D---- C:\WINDOWS\BDOSCAN8
2009-10-29 12:28:19 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\WinRAR
2009-10-29 12:27:45 ----D---- C:\Programme\WinRAR
2009-10-27 14:26:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-10-27 14:25:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-26 00:00:43 ----D---- C:\Programme\Lavalys
2009-10-25 15:32:34 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-10-25 15:32:34 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-25 15:32:33 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-10-25 15:32:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-10-25 15:32:31 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-10-25 15:32:31 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-10-25 15:32:30 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-25 15:32:29 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-25 15:32:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-10-25 15:32:28 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-10-25 15:32:27 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-10-25 15:32:26 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-10-25 15:32:25 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-10-25 15:32:24 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-10-25 15:32:23 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-10-25 15:32:23 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-10-25 15:32:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-10-25 15:32:19 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-10-25 15:32:14 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-10-25 15:32:08 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-10-25 15:32:08 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-10-25 15:31:52 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-10-25 15:31:50 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-10-25 15:31:49 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-10-25 15:31:48 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-10-25 15:31:47 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-10-25 15:31:46 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-10-25 15:31:45 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-10-25 15:31:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-25 15:31:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-10-25 15:31:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-25 15:31:43 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-25 15:31:42 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-10-25 15:31:41 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-10-25 15:31:39 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-10-25 13:33:59 ----HD---- C:\WINDOWS\msdownld.tmp
2009-10-25 01:08:28 ----D---- C:\WINDOWS\Logs
2009-10-25 01:05:13 ----HD---- C:\WINDOWS\PIF
2009-10-24 23:44:18 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TrojanHunter
2009-10-24 22:31:54 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-10-24 22:31:54 ----D---- C:\Programme\TrojanHunter 5.2
2009-10-24 21:28:01 ----D---- C:\WINDOWS\Minidump
2009-10-24 15:23:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-10-19 17:56:54 ----D---- C:\Programme\HooTech
2009-10-15 23:00:29 ----D---- C:\Programme\iTunes
2009-10-15 22:58:21 ----D---- C:\Programme\Apple Software Update
2009-10-15 22:58:02 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-15 22:57:45 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-10-15 02:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-15 02:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 02:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 02:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 02:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 02:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 02:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 02:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 02:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 02:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 23:13:54 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\MxBoost
2009-10-11 22:02:43 ----D---- C:\Programme\Gemeinsame Dateien\Real
2009-10-11 22:02:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Storm
2009-10-11 21:55:07 ----D---- C:\Programme\Maxthon2
2009-10-11 21:53:56 ----A---- C:\WINDOWS\libem.INI
2009-10-11 21:53:16 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\BITS
2009-10-11 21:52:59 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashGetBHO
2009-10-11 21:52:57 ----D---- C:\Programme\FlashGet Network
2009-10-11 21:52:57 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashGet
2009-10-11 21:51:54 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FlashgetSetup
2009-10-10 20:27:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-10 20:27:47 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-10 20:21:55 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Apple Computer
2009-10-10 20:20:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 20:20:07 ----D---- C:\Programme\Bonjour
2009-10-10 20:19:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-10-10 20:17:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-10-10 17:27:29 ----D---- C:\Programme\Veetle
2009-10-09 23:04:15 ----D---- C:\Games
2009-10-05 20:07:41 ----D---- C:\FavoriteVideo
2009-10-05 20:07:32 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PPLiveVA
2009-10-05 20:05:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLiveVA
2009-10-04 21:45:44 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\StreamTorrent
2009-09-30 19:53:25 ----D---- C:\WINDOWS\system32\PPLive
2009-09-29 17:17:31 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\U3
2009-09-27 19:28:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-09-27 19:27:57 ----D---- C:\Programme\SoulseekNS
2009-09-16 13:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-16 13:00:28 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\muweb.dll
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-16 11:17:50 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-15 11:33:23 ----D---- C:\Programme\Microsoft
2009-09-15 11:33:08 ----D---- C:\Programme\Windows Live SkyDrive
2009-09-15 11:32:47 ----D---- C:\Programme\Windows Live
2009-09-15 11:28:19 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live
2009-09-14 16:25:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-13 13:00:45 ----D---- C:\WINDOWS\ie7updates
2009-09-12 22:34:03 ----D---- C:\WINDOWS\WBEM
2009-09-12 22:34:01 ----D---- C:\WINDOWS\system32\de-de
2009-09-12 22:33:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-09-12 22:32:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-09-12 22:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-09-12 22:32:00 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-09-12 22:30:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2009-09-12 17:19:19 ----D---- C:\Programme\SopCast
2009-09-12 17:08:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-09-10 14:21:03 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-10 14:03:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-10 13:49:56 ----D---- C:\Programme\Trend Micro
2009-09-09 18:16:27 ----D---- C:\Programme\TVAnts
2009-09-09 13:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 13:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 13:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 18:02:33 ----D---- C:\WINDOWS\Sun
2009-09-08 11:48:38 ----D---- C:\Programme\Crawler
2009-09-08 11:37:27 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-09-06 18:54:23 ----D---- C:\Programme\WinHTTrack
2009-09-06 14:22:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-06 13:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-06 13:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-06 13:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-06 13:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-06 13:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-06 13:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-06 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-09-06 13:06:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-06 13:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-06 13:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-06 13:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-06 13:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-06 13:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-06 13:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-06 13:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-06 13:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-06 13:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-06 13:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-06 13:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-06 13:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-06 13:04:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-09-06 13:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-06 13:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-06 13:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-06 13:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-06 13:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-06 13:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-06 13:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-09-06 13:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-06 13:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-06 13:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-06 13:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-06 13:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-06 13:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-06 13:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-06 13:01:38 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-06 13:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-06 13:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-06 13:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-06 13:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-06 13:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-06 13:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-06 13:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-06 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-06 13:00:58 ----D---- C:\Programme\MSXML 4.0
2009-09-06 13:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-06 13:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-06 13:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-06 13:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 12:35:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-06 12:33:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-06 12:13:24 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-06 12:12:59 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-06 12:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-06 10:33:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-09-06 01:43:37 ----D---- C:\Programme\DCleaner
2009-09-06 00:18:00 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia
2009-09-05 23:49:41 ----D---- C:\Programme\Inode
2009-09-05 23:09:14 ----N---- C:\CnxUnist.exe
2009-09-05 23:09:14 ----N---- C:\CnxMfdCo.dll
2009-09-05 23:09:14 ----N---- C:\CnxHwIo.dll
2009-09-05 23:09:14 ----N---- C:\CnxDslWz.dll
2009-09-05 23:09:14 ----N---- C:\CnxDslTb.exe
2009-09-05 23:09:14 ----N---- C:\CnxClsCo.dll
2009-09-05 23:09:14 ----N---- C:\CnxAdslL.exe
2009-09-05 23:09:14 ----A---- C:\WINDOWS\system32\CnxHwIo.dll
2009-09-05 23:09:14 ----A---- C:\WINDOWS\system32\CnxClsCo.dll
2009-09-05 20:29:49 ----D---- C:\Programme\ZyXEL
2009-09-05 19:56:16 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla
2009-09-05 13:49:13 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-09-05 13:37:09 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-09-05 13:37:08 ----D---- C:\Programme\Trojan Remover
2009-09-05 13:37:08 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Simply Super Software
2009-09-05 13:37:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
2009-09-05 11:08:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-05 11:08:16 ----D---- C:\Programme\Java
2009-09-05 11:08:06 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun
2009-09-05 11:06:07 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
2009-09-05 11:06:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-05 11:05:46 ----D---- C:\Programme\ClearProg
2009-09-05 11:04:50 ----D---- C:\Programme\CCleaner
2009-09-05 11:03:52 ----D---- C:\Programme\Mozilla Firefox
2009-09-05 10:55:18 ----D---- C:\WINDOWS\pss


Chronic 12.11.2009 19:18

log.txt - Part 3

Code:

======List of files/folders modified in the last 3 months======

2009-11-12 18:57:59 ----D---- C:\WINDOWS\Prefetch
2009-11-12 17:13:18 ----SD---- C:\RECYCLER
2009-11-12 17:03:24 ----AD---- C:\WINDOWS\Temp
2009-11-12 17:03:18 ----AD---- C:\WINDOWS
2009-11-12 17:01:53 ----RSHD---- C:\RRbackups
2009-11-12 17:00:36 ----N---- C:\BOOT.INI
2009-11-12 17:00:36 ----A---- C:\WINDOWS\win.ini
2009-11-12 17:00:36 ----A---- C:\WINDOWS\system.ini
2009-11-12 16:54:33 ----AD---- C:\WINDOWS\system32
2009-11-12 16:25:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 01:42:46 ----D---- C:\IBMSHARE
2009-11-11 22:36:56 ----RD---- C:\Programme
2009-11-11 22:09:32 ----D---- C:\WINDOWS\system32\drivers
2009-11-11 18:07:42 ----HD---- C:\WINDOWS\inf
2009-11-11 17:52:57 ----A---- C:\WINDOWS\wininit.ini
2009-11-11 17:52:06 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-11 17:52:04 ----SHD---- C:\WINDOWS\Installer
2009-11-11 14:14:08 ----D---- C:\WINDOWS\Debug
2009-11-11 07:52:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-11 06:38:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 22:18:10 ----SD---- C:\WINDOWS\Tasks
2009-11-10 20:22:21 ----D---- C:\Dokumente und Einstellungen
2009-11-10 19:05:41 ----SHD---- C:\System Volume Information
2009-11-10 19:05:41 ----D---- C:\WINDOWS\system32\Restore
2009-11-10 14:09:31 ----SD---- C:\Recycled
2009-11-08 16:52:31 ----SD---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
2009-11-07 15:54:52 ----D---- C:\IBMWORK
2009-11-03 17:43:29 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org2
2009-11-01 12:54:16 ----D---- C:\Programme\Google
2009-10-30 11:18:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-27 18:56:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 22:18:24 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-10-25 15:32:35 ----D---- C:\WINDOWS\system32\DirectX
2009-10-24 17:48:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-24 15:23:28 ----D---- C:\WINDOWS\WinSxS
2009-10-21 01:15:57 ----D---- C:\WINDOWS\Help
2009-10-20 00:59:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-15 02:11:38 ----D---- C:\Programme\Internet Explorer
2009-10-02 06:37:49 ----RSD---- C:\WINDOWS\Fonts
2009-09-25 06:49:01 ----A---- C:\WINDOWS\system32\wininet.dll
2009-09-25 06:49:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-09-25 06:49:00 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-09-25 06:49:00 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-25 06:48:59 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-09-25 06:48:59 ----A---- C:\WINDOWS\system32\mstime.dll
2009-09-25 06:48:58 ----A---- C:\WINDOWS\system32\msrating.dll
2009-09-25 06:48:58 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\inseng.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-09-25 06:48:56 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\danim.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-09-25 06:48:55 ----A---- C:\WINDOWS\system32\browseui.dll
2009-09-20 19:44:40 ----D---- C:\Programme\Gemeinsame Dateien\printFIT Shared
2009-09-20 12:09:08 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-18 11:05:01 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-09-15 11:33:13 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-09-15 11:33:13 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-09-15 11:32:34 ----D---- C:\WINDOWS\pchealth
2009-09-12 22:34:06 ----D---- C:\WINDOWS\system32\config
2009-09-12 22:33:59 ----D---- C:\WINDOWS\Media
2009-09-11 15:06:50 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-06 14:20:35 ----D---- C:\WINDOWS\system32\wbem
2009-09-06 14:20:35 ----D---- C:\WINDOWS\AppPatch
2009-09-06 13:06:38 ----D---- C:\Programme\Messenger
2009-09-06 13:02:17 ----D---- C:\Programme\Outlook Express
2009-09-06 12:29:21 ----D---- C:\WINDOWS\system32\oldcatroot2
2009-09-06 10:33:44 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-06 00:18:00 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe
2009-09-05 12:09:17 ----A---- C:\WINDOWS\system32\svchost.ini
2009-09-04 21:45:26 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-26 09:14:38 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-21 07:50:37 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 40192]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-01-17 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-01-17 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-03-23 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-02-27 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-18 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-03-23 5120]
R2 smi2;smi2; \??\C:\Programme\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-31 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470208]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-07-31 103366]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys [2005-12-06 936448]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-11 10112]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-03-04 22568]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-06 670208]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 laaottpi;laaottpi; \??\C:\DOKUME~1\****\LOKALE~1\Temp\laaottpi.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-04-17 40960]
R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2006-04-17 151552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-01 626810]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-11 73782]
R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2006-03-23 73728]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TVT Backup Service;TVT Backup Service; C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe [2005-12-21 77824]
R2 UCLauncherService;ThinkVantage System Update; C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe [2005-08-01 40960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-08 36864]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\programme\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect-Hilfsprogramm; C:\Programme\Windows Media Connect\mswmcls.exe [2004-08-10 28160]


Chronic 12.11.2009 19:19

info.txt

Code:

info.txt logfile of random's system information tool 1.06 2009-11-10 19:09:54

======Uninstall list======

-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\SETUP.EXE" -l0x7 UNINSTALL
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70000000000}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
ClearProg 1.6.0 Final-->C:\Programme\ClearProg\Uninstall.exe
DCleaner (remove only)-->C:\Programme\DCleaner\Uninst-DC.exe
DesignPro 5-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F82C6574-AD88-4B40-A432-970BC77F1BD2}
Dienstprogramm 'ThinkPad-Tastaturanpassung'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x7 anything
Diskeeper Lite-->MsiExec.exe /X{8E726115-FCBE-43B1-9FB7-06E8E25F9ABE}
Ergänzung zu Productivity Center für ThinkPad-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x7 -AddRemove
EVEREST Ultimate Edition v5.30-->"C:\Programme\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Funktion "TrackPoint-Eingabehilfen"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Google Desktop-->C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop-->MsiExec.exe /I{D0D36568-0B4C-11DA-BD3A-001185653D46}
HDCleaner-->C:\Programme\HDCleaner\uninstaller.exe
Help Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x7 -AddRemove
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1031
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo WinDVD Creator-->"C:\Programme\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
LiveReg (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\SETUP.EXE" -l0x7 -AddRemove
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.14)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.0-->MsiExec.exe /I{55A4E9CC-3F8D-4940-A2A4-EE04D3BADF74}
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PC-Doctor 5 for Windows-->C:\Programme\PCDR5\uninst.exe
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
printFIT Visitenkarten-Druckpaket-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3FD83A7E-4D16-48C3-B26C-15F4548ACEF5}\setup.exe" -l0x7  -uninst
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\ibmtools\apps\recnow\sequencer.exe -fc:\ibmtools\apps\recnow\uninst.seq
Rescue and Recovery - Client Security Solution-->MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Software Installer-->_tpiu000.exe /U
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe
SoulSeek 157 NS 13e-->"C:\Programme\SoulseekNS\uninstall.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x7  -removeonly
System Migration Assistant-->MsiExec.exe /X{CA89B56F-E71B-4E08-82A9-580533E1C048}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Modem-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588p.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\IBMTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad TrackPoint Driver-->C:\Programme\Lenovo\TrackPoint\tp4unins.exe
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE" -l0x7 UNINSTALLFROMSYS
ThinkPad-Dienstprogramm 'EasyEject'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad-Konfiguration-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad-Präsentationsdirektor-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\ThinkPad\Utilities\UNNPDR.isu -cC:\Programme\ThinkPad\Utilities\Tpinsnpd.dll
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x7 anything
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x7 -AddRemove
ThinkVantage System Update-->MsiExec.exe /X{2A43FF29-0D97-4445-B82D-9324F176AED5}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x7 anything
Trojan Remover 6.8.1-->"C:\Programme\Trojan Remover\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Veetle TV 0.9.15-->C:\Programme\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WAV MP3 Converter v3.8 build 969-->"C:\Programme\HooTech\WAVMP3\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
WinHTTrack Website Copier 3.43-7-->"C:\Programme\WinHTTrack\unins000.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
ZyXEL ADSL USB Modem LAN Adapter-->C:\Programme\ZyXEL\DSL Wizard\Setup.exe -u

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inode.at/ [2009-10-06]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Inode [2009-10-31]

======System event log======

Computer Name: LENOVO-614AC77D
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 5
Source Name: Service Control Manager
Time Written: 20091101135041.000000+060
Event Type: Informationen
User:

Computer Name: LENOVO-614AC77D
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 4
Source Name: EventLog
Time Written: 20091101135035.000000+060
Event Type: Informationen
User:

Computer Name: LENOVO-614AC77D
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 3
Source Name: EventLog
Time Written: 20091101135035.000000+060
Event Type: Informationen
User:

Computer Name: LENOVO-614AC77D
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20091101134334.000000+060
Event Type: Informationen
User:

Computer Name: LENOVO-614AC77D
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091101134334.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: LENOVO-614AC77D
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionLost-Methode für das Abonnement {45233130-B6C3-44FB-A6AF-487C47CEE611}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80004001.
Record Number: 8278
Source Name: EventSystem
Time Written: 20091021162504.000000+120
Event Type: Warnung
User:

Computer Name: LENOVO-614AC77D
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionMade-Methode für das Abonnement {CD1DCBD6-A14D-4823-A0D2-8473AFDE360F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80004001.
Record Number: 8277
Source Name: EventSystem
Time Written: 20091021161212.000000+120
Event Type: Warnung
User:

Computer Name: LENOVO-614AC77D
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionMadeNoQOCInfo-Methode für das Abonnement {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80004001.
Record Number: 8276
Source Name: EventSystem
Time Written: 20091021161212.000000+120
Event Type: Warnung
User:

Computer Name: LENOVO-614AC77D
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionLost-Methode für das Abonnement {45233130-B6C3-44FB-A6AF-487C47CEE611}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80004001.
Record Number: 8275
Source Name: EventSystem
Time Written: 20091021161206.000000+120
Event Type: Warnung
User:

Computer Name: LENOVO-614AC77D
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionMade-Methode für das Abonnement {CD1DCBD6-A14D-4823-A0D2-8473AFDE360F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80004001.
Record Number: 8274
Source Name: EventSystem
Time Written: 20091021160549.000000+120
Event Type: Warnung
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\IBM ThinkVantage\Client Security Solution;C:\Programme\Diskeeper Corporation\Diskeeper\;C:\Programme\ThinkPad\ConnectUtilities
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\
"SMA"=C:\Programme\IBM ThinkVantage\SMA\
"TVT"=C:\Programme\IBM ThinkVantage
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Programme\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Programme\IBM ThinkVantage\Common\Python24

-----------------EOF-----------------


Angel21 13.11.2009 14:30

Hello,

Uninstall the following programs, since they are either unnecessary or no longer needed:

Quote:

Google Desktop
PC-Doctor
Trojan Remover

Uninstall the following program(s), since they are no longer up to date:

Quote:

Adobe Reader 7.0

Install:

Adobe - Download Adobe Reader - All versions


Optional to uninstall:

Quote:

Ad-Aware (my personal recommendation: uninstall it, since it is too weak and you have Malwarebytes)

Pull a new HJT log for me using Hijackthis.exe, not RSIT.
Post it.

Chronic 13.11.2009 16:41

I've now uninstalled these programs: Google Desktop, Adobe, Trojan Remover, Pc-Doc, Ad-aware.

Hijackthis.exe log:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:28, on 13.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\ThinkVantage\AMSG\Amsg.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = h**p://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [cssauthe] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=h**p://www.lenovo.com/de/de
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76D8461C-8D60-4047-9BBA-0A5AD015F0E1}: NameServer = 195.34.133.21 212.186.211.21
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 8740 bytes


Angel21 13.11.2009 16:47

Open Hijackthis.exe -> do a system scan only -> fix (check) the following entries:

Quote:

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

then click "Fix Checked" at the bottom. Restart....

After that, run CCleaner again and clean the registry and your browser as well.

Then go to Microsoft as quickly as you can via this link: http://www.microsoft.com/windows/int...D-227368A7875A for Internet Explorer 8
and here: http://www.microsoft.com/Windows/win...p/default.aspx for Service Pack 3.

Then check for available Windows updates.
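As an added example (not from this thread or from HijackThis itself), here is a small Python script that parses HijackThis lines of the kind posted above and marks the entries the reply tells the user to fix: the BHO whose file is gone and the CTFMON.EXE Run entries under the HKCU/HKUS hives. The selection rules are my own approximation of that triage; the script also flags the O23 service marked "(file missing)", which goes beyond what the reply lists, and the sample lines are constructed from the posted log.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above
# (entry text copied from the log; only a handful of lines are kept).
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# A HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_entries(entries):
    """Return (section, body, reason) for entries worth fixing.

    The rules are my approximation of the triage in the reply, not HijackThis's
    own logic: orphaned entries whose target file is gone, and CTFMON.EXE Run
    entries in the per-user HKCU/HKUS hives (the HKLM entry is left alone).
    """
    flagged = []
    for section, body in entries:
        if section in ("O2", "O23") and ("(no file)" in body or "(file missing)" in body):
            flagged.append((section, body, "orphaned entry: target file does not exist"))
        elif section == "O4" and "[CTFMON.EXE]" in body.upper() and not body.startswith("HKLM"):
            flagged.append((section, body, "CTFMON.EXE Run entry in a per-user hive"))
    return flagged


if __name__ == "__main__":
    for section, body, reason in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{section} - {body}\n    -> {reason}")
```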

Chronic 13.11.2009 17:19

The HijackThis part is done, now I have to wait until SP3 has finished downloading :kaffee:

Should I uninstall the other IE first, or just install the new one over the old one?

Do I perhaps also need the new Framework??

Angel21 13.11.2009 17:38

lol no, you can't uninstall Internet Explorer anyway xD
It basically gets "overwritten" by the new version ;)

Chronic 13.11.2009 20:45

Quote:

Quote from Angel21 (post 480195)
lol no, you can't uninstall Internet Explorer anyway xD
It basically gets "overwritten" by the new version ;)

Service Pack 3 is now installed too. Do we move on to the next step, or is everything already done? :D

Angel21 13.11.2009 21:35

Please still run Windows Updates, after that you're clean.



Copyright ©2000-2025, Trojaner-Board

